Remember: An ease-of-use limitation exists for nonroot users
who create profiles. Mechanisms within the Profile Management Tool that suggest unique
names and port values are disabled for nonroot users. The nonroot
user must change the default field values in the Profile Management Tool for the profile
name, node name, cell name, and port assignments.
Consider assigning nonroot users a range of values for each of the
fields. You can assign responsibility to the nonroot users for adhering
to their assigned value ranges and for maintaining the integrity of
their own definitions.
Best practice: ![[Updated in September 2012]](../../delta.gif)
IBM
recommends starting processes that run on the same profile with user
IDs that have mutually compatible file permissions, meaning that each
process can read or update files that the other processes create.
This ensures that the processes can access the same files without
encountering a permission-denied error. For example, if you run the
deployment manager as user
wasuser and then also
run the command line tool to generate plug-ins on that same profile,
you should run the tool as user
wasuser.
![[Updated in September 2012]](../../deltaend.gif)
sep2012
bprac
Tip: In WebSphere
® Application Server
Version 8.0.0.4 and later, files created by an administrator outside
of the
Program Files directory are usable by
non-administrators. This allows an administrator to create a profile
outside of the WebSphere Application
Server installation directory and have a non-administrator manage
the profile. To use this functionality, perform the following actions:
- Install WebSphere Application
Server to a directory that has no default write permissions for non-administrators—C:\Program
Files (x86) for example.
- Install the Version 8.0.0.4 or later fix pack using Installation
Manager.
- Modify the app_server_root/properties/wasprofile.properties file.
The following should have been added by the fix pack to the bottom
of the file:
#-----------------------------------------------------------------------
# Specify if enhanced/fixed Apache ant task behaviour should be used.
#
# Note that this only has effect on Windows platforms.
#-----------------------------------------------------------------------
WS_USE_ENHANCED_OPENSOURCE_BEHAVIOUR=false
Simply change
the value of WS_USE_ENHANCED_OPENSOURCE_BEHAVIOUR to
true, and you can take advantage of this feature. For example:
- Launch the Profile Management Tool to create a profile.
- When creating the profile, select the advanced flow.
- Set the profile path to somewhere outside the C:\Program
Files (x86) directory (or whichever directory was used
for the installation) where non-administrators have default write
permissions—C:\Profiles\AppSrv01 for example.
- Make sure that you do not use a Windows service
when creating the profile.
- Make sure that the app_server_root/bin/setupCmdLine.bat file
has read permissions for non-administrators.
- You should be able to log in with a non-administrator ID and start
the server.